It's also susceptible to failing if you get the tiniest thing wrong in that horrible mess of single and double quotes. And it's easy to get that wrong. PreparedStatement makes parametrized queries infinitely easier; you should definitely be using it.

Try printing your SQL statements out so you can see what your DB is trying to execute. I think your SQL UPDATE needs a space after the "update", for example.

But as the others have said, using concatenated SQL strings like this is the wrong approach anyway.

Write and test your SQL separately (outside Java) using your database's SQL shell, so you can be sure you've got your SQL right before you start messing around in Java.

Then use a PreparedStatement with bind variables in Java for your SQL because it's easier to write/read/maintain, more secure (helps prevent SQL injection) and more efficient (allows your database to re-use the parsed SQL).
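
The advice in the replies above, as an added example that is not code from the original thread: it prints a concatenated UPDATE to show how a single apostrophe in the data breaks the hand-built quoting, then runs the same update through a PreparedStatement with bind variables. The table `customers`, its columns `email` and `id`, the sample values and the class name are assumptions made for illustration; the update runs only if you pass a JDBC URL for a database that has such a table and whose driver is on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class UpdateWithBindVariables {

    // Fragile "before" form: quotes are placed by hand and the value
    // becomes part of the SQL text itself. (Hypothetical table/columns.)
    static String concatenatedSql(String email, int id) {
        return "UPDATE customers SET email = '" + email + "' WHERE id = " + id;
    }

    // Bound form: the SQL text is a constant, so the database can re-use
    // the parsed statement; the values travel separately as parameters.
    static final String UPDATE_SQL = "UPDATE customers SET email = ? WHERE id = ?";

    static int updateEmail(Connection conn, String email, int id) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(UPDATE_SQL)) {
            ps.setString(1, email); // the driver handles quoting and escaping
            ps.setInt(2, id);
            return ps.executeUpdate(); // number of rows changed
        }
    }

    public static void main(String[] args) throws SQLException {
        String email = "pat.o'brien@example.com"; // constructed sample value
        int id = 42;                              // constructed sample value

        // Printing the statement shows the problem: the apostrophe in the
        // data closes the string literal early and the SQL no longer parses.
        System.out.println("Concatenated: " + concatenatedSql(email, id));
        System.out.println("Bound:        " + UPDATE_SQL);

        // Optional: args[0] is a JDBC URL for your own test database (assumption).
        if (args.length == 1) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println("Rows updated: " + updateEmail(conn, email, id));
            }
        }
    }
}
```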